The Compliance Conundrum: Monitoring Apps with Compliance in Mind


In some industries, application issues are not just a bother for users and customers, but can bring on financial pain. This February, Australia’s Commonwealth Bank experienced an outage which affected its ATM machines, allowing people to withdraw large sums of cash regardless of their account balances. Last spring, the IT department of a large U.S. financial institution also ran into troubles with a critical financial reporting application.

The bank noticed a disturbing trend in batch processing of a set of financial transactions. The process was slowing to the point where the bank was in danger of violating SEC rules for daily transaction reporting.

Missing the deadline by even a minute can result in fines of $100,000 or more. The problem quickly escalated up to the CIO and other senior managers. Fortunately, the bank’s IT group was able to use a performance management solution to determine the root cause of the problem and resolve it by fine-tuning the application and purchasing additional storage.

Too often, IT departments don’t know about a problem until it’s too late and users or customers are unable to access data or perform key transactions. If your company is subject to government regulations, that’s a risky way to operate. But IT operates in the here and now. They have to solve problems in the queue, and don’t typically have time to worry about what could happen. There’s got to be a middle ground.

Without reliable methods for monitoring applications in real time and delivering speedy resolution, banks, government agencies, medical device, pharmaceutical and consumer goods companies, and other highly regulated organizations are at risk of non-compliance. They may also lose customers and revenues in the process.

The intersection of compliance and application performance

What do IT managers and application owners need to consider when it comes to compliance today?

Centralized control and visibility

To start, IT needs to build a foundation that ensures the reliability of systems and the timely availability of data and batch processing for all constituents. This may seem like an obvious point, yet with the growing complexity of IT environments, it’s not so easy. Enterprise IT departments not only face significant data management challenges from the ever-growing volume of transactions they must support daily, but must also maintain hundreds of applications and services, including apps on company-supported mobile phones. Then there’s the cloud. The popularity of virtualization and cloud computing has resulted in hybrid environments in which data travels quickly between physical and virtual infrastructure behind the scenes.

That dynamic infrastructure provides flexibility yet also means it can be harder to determine the path of transactions when needed.

Managing the modern IT environment appropriately requires processes and systems that help keep everyone on the same page so that when application performance begins to suffer, the database manager, application manager and network manager all have access to the same set of data for monitoring and troubleshooting. This saves time and effort, and also reduces risk by helping prevent issues in critical systems.

Tracing transactions and user behavior

There are many situations in regulated businesses in which IT managers need detailed information about transaction history and in-process transactions. Take the example of a financial institution which must meet daily reporting deadlines for mutual fund pricing. Even though infrastructure management systems report a “green” status, IT may have no clue whether these so-called reconciliation transactions are running smoothly. Tools that provide an active view into in-flight transactions can ensure on-time completion of the batch report and therefore prevent huge financial penalties.

By the same token, what about public companies with mandated deadlines for reporting end-of-quarter financials? Missing those deadlines could mean being delisted from the stock exchange, among other possible penalties. If an application begins to slow down, IT needs to know where the slowdowns are occurring and for which specific transactions, so that they can resolve the problem before it becomes a compliance issue.

Companies may also have reason to track how users are accessing particular files or storing data. Government agencies and defense companies can’t store data in offshore servers, a detail that may escape a U.S.-based IT manager sending files to a support center in Bangalore. This calls for processes, system controls and monitoring tools that can prevent illegal data transfer and storage breaches.

Planning for disasters

It’s not always possible to prevent a situation such as that encountered by Chase Bank in the fall of 2010. A problem in one of the bank’s database applications created a series of events that led to the shutdown of its online banking site. The outage lasted for two days and affected millions of customers. When it was over, a company spokesperson said that the bank would pay any late fees for customers that missed payment deadlines as a result of the shutdown.

Whether the bank was proactive enough in monitoring its applications, particularly those that have direct impact on customer service, is unclear. Real-time alerts, detailed dashboards with drill-down capabilities, outsourcing services and other management systems can help companies avoid performance issues resulting in major disruptions for customers.

Then there are internal customers to consider: an organization that is nearing the deadline for employee benefits registration should plan for the possible impact of a surge of users accessing the HR portal within a 24-hour period. IT should have the ability to proactively tweak poor-performing objects so that they don’t come to a head in times of heavy application usage.

While neither of the above examples relates to industry compliance, being able to effectively prevent and handle other critical and unpredictable application issues means that your organization is even more capable of meeting rigid regulatory requirements. These capabilities are possible without costly consulting resources or hiring staff.

At the end of the day, application performance in mission-critical systems is imperative to maintaining lawful operations, which protects revenues and customer relationships and reduces risk. It requires a thoughtful plan, a set of processes that relate specifically to your business and industry, staff training, and centralized management and monitoring of systems to ensure that your organization is ready for any contingency.

This was a guest article by Zohar Gilad, Executive VP of Precise
